18th Annual Computer Security Applications Conference
December 9-13, 2002
Las Vegas, Nevada

Classic Papers

Chair: Dan Thomsen, Secure Computing Corporation, USA

Those who do not forget the past are the masters of the future
      – Sima Qian

The Internet boom has given rise to a whole new cadre of computer security practitioners. The diligent new practitioner may uncover classic, relevant computer security results from the past on their own. However, given the wealth of information, both new and old that must be sorted through, we thought it was important to create a forum to present security gems from the past. This is the second year the ACSAC conference has offered a classic paper session. The goal of the classic paper session is to capture the highlights of some of the early work in computer security. The goal is not to just to present the technology again, but to incorporate lessons learned. We want to capture what worked well, and what didnít. Negative results are an important part of science, unfortunately they rarely get funding. For this yearís session we have selected three papers. Two of the papers are concerned with creating general purpose, secure, high-assurance systems.

Unfortunately, we do not see a plethora of these systems in the commercial market today. One paper is from the point of view of the system designer, the other paper is from the point of view of the customer funding the effort. The third paper deals with a specific aspect of high assurance, covert channel analysis. The term high assurance has been bantered about lately, but it appears not to mean the same thing as it did twenty years ago. To be considered for the classic paper session a paper has to be at least ten years old. Papers are selected by a small committee appointed by the program chair. Papers are selected based on their impact to the science of computer security. Another contributing factor is the original author having the time and energy to update the paper with a historical perspective. Updating a technical paper to include a historical perspective represents a great deal of effort. We wish to thank Paul Karger, Richard Kemmerer, and Sami Saydjari for updating their original papers to be included into the classic paper session. Hopefully you will find these papers useful tools in creating future classic papers.

LOCK: A Historical Perspective§, O. Sami Saydjari, Cyber Defense Agency, LLC, USA

A Practical Approach to Identifying Storage and Timing Channels: Twenty Years Later§, Richard Kemmerer, University of California, Santa Barbara, USA

Thirty Years Later: Lessons from the Multics Security Evaluation§, Paul Karger, IBM Corporation, T. J. Watson Research Center, USA and Roger Schell, Aesec Corporation, USA

Original Multics Paper

Scan of Original Multics Paper @NIST (5.5MB)